CVE-2025-34519

High CVSS: 8.2

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying a per‑password salt. Because MD5 is a fast, unsalted hash, an attacker who obtains the password database can efficiently perform offline dictionary, rainbow‑table, or brute‑force attacks to recover the original passwords. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.

Vendor

Ilevia

Product

Eve X1 Server Firmware

CWE

CWE-327

Yayın Tarihi

2025-10-16 18:15:36

Güncelleme

2025-11-06 19:15:41

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-327 Eve X1 Server Firmware HIGH Ilevia 2025

Referanslar

https://www.ilevia.com/ https://www.vulncheck.com/advisories/ilevia-eve-x1-server-insecure-hashing-algorithm https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5964.php

Benzer Kayıtlar

Critical

CVE-2025-60739

Cross Site Request Forgery (CSRF) vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logi…

Medium

CVE-2025-60737

Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Version

Critical

CVE-2025-60738

An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 2025_07_21 and before…

Critical

CVE-2025-34516

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials vulnerability that allows an…

High

CVE-2025-34517

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal vulnerability in get_file_cont…

High

CVE-2025-34518

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a relative path traversal vulnerability in get_file_conte…